docker-openldap
DISABLE_CHOWN env var not being used
I'm trying to spin this container up on a Raspberry Pi 4. Even though I've specified the 'DISABLE_CHOWN' flag, I still see this error on startup:
*** CONTAINER_LOG_LEVEL = 3 (info)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** link /container/service/slapd/startup.sh to /container/run/startup/slapd
*** link /container/service/slapd/process.sh to /container/run/process/slapd/run
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.startup.yaml
/container/environment/99-default/default.yaml
To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/startup/:ssl-tools...
*** Running /container/run/startup/slapd...
Database and config directory are empty...
Init new ldap server...
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.50+dfsg-1~bpo10+1... done.
chown: changing ownership of '/var/lib/ldap': Operation not permitted
*** /container/run/startup/slapd failed with status 1
*** Killing all processes...
Here's my docker-compose contents:
```yaml
version: '3'
services:
  nginx:
    image: osixia/openldap:1.3.0
    volumes:
      - /apps/data/openldap/db:/var/lib/ldap
      - /apps/data/openldap/config:/etc/ldap/slapd.d
    deploy:
      mode: replicated
    ports:
      - 389:389
      - 636:636
    environment:
      - LDAP_ORGANISATION=myorg
      - LDAP_DOMAIN=mydomain.com
      - LDAP_ADMIN_PASSWORD=mypassword
      - DISABLE_CHOWN=true
```
/apps is an nfs4 mount with 777 permissions. The user account running docker is also the owner of /apps.
Can I change the permissions manually on this volume folder?
DISABLE_CHOWN partially works in 1.4.0+ but there are still some chgrp actions going on:
To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** INFO | 2021-10-20 10:41:44 | Running /container/run/startup/:cron...
*** INFO | 2021-10-20 10:41:44 | Running /container/run/startup/:logrotate...
*** INFO | 2021-10-20 10:41:44 | Running /container/run/startup/:ssl-tools...
*** INFO | 2021-10-20 10:41:44 | Running /container/run/startup/:syslog-ng-core...
*** INFO | 2021-10-20 10:41:44 | Running /container/run/startup/slapd...
*** INFO | 2021-10-20 10:41:44 | openldap user and group adjustments
*** INFO | 2021-10-20 10:41:44 | get current openldap uid/gid info inside container
*** INFO | 2021-10-20 10:41:44 | -------------------------------------
*** INFO | 2021-10-20 10:41:44 | openldap GID/UID
*** INFO | 2021-10-20 10:41:44 | -------------------------------------
*** INFO | 2021-10-20 10:41:44 | User uid: 911
*** INFO | 2021-10-20 10:41:44 | User gid: 911
*** INFO | 2021-10-20 10:41:44 | uid/gid changed: false
*** INFO | 2021-10-20 10:41:44 | -------------------------------------
*** INFO | 2021-10-20 10:41:45 | Database and config directory are empty...
*** INFO | 2021-10-20 10:41:45 | Init new ldap server...
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.57+dfsg-1~bpo10+1... done.
chgrp: changing group of '/var/lib/ldap': Operation not permitted
*** ERROR | 2021-10-20 10:41:45 | /container/run/startup/slapd failed with status 1
*** INFO | 2021-10-20 10:41:45 | Killing all processes...
I tried to add a DISABLE_CHGRP just in case I had missed a variable, but I don't believe this exists.
I have the same issue in 1.5.0. Here is the log. I have DISABLE_CHOWN set to true. I also have no clue where this "chown: changing ownership of '/var/lib/ldap': Operation not permitted" comes from.
*** DEBUG | 2022-01-11 13:14:40 | ------------------------------------------
*** INFO | 2022-01-11 13:14:40 | Running /container/run/startup/slapd...
*** DEBUG | 2022-01-11 13:14:40 | ------------ Environment dump ------------
*** DEBUG | 2022-01-11 13:14:40 | CONTAINER_LOG_LEVEL = 4
*** DEBUG | 2022-01-11 13:14:40 | CONTAINER_SERVICE_DIR = /container/run/service
*** DEBUG | 2022-01-11 13:14:40 | CONTAINER_STATE_DIR = /container/run/state
*** DEBUG | 2022-01-11 13:14:40 | DISABLE_CHOWN = true
*** DEBUG | 2022-01-11 13:14:40 | HOME = /root
*** DEBUG | 2022-01-11 13:14:40 | HOSTNAME = openldap-stack-ha-0
...
*** DEBUG | 2022-01-11 13:14:40 | ------------------------------------------
*** INFO | 2022-01-11 13:14:40 | openldap user and group adjustments
*** INFO | 2022-01-11 13:14:40 | get current openldap uid/gid info inside container
*** INFO | 2022-01-11 13:14:40 | -------------------------------------
*** INFO | 2022-01-11 13:14:40 | openldap GID/UID
*** INFO | 2022-01-11 13:14:40 | -------------------------------------
*** INFO | 2022-01-11 13:14:40 | User uid: 911
*** INFO | 2022-01-11 13:14:40 | User gid: 911
*** INFO | 2022-01-11 13:14:40 | uid/gid changed: false
*** INFO | 2022-01-11 13:14:40 | -------------------------------------
*** INFO | 2022-01-11 13:14:40 | Database and config directory are empty...
*** INFO | 2022-01-11 13:14:40 | Init new ldap server...
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.57+dfsg-1~bpo10+1... done.
chown: changing ownership of '/var/lib/ldap': Operation not permitted
*** ERROR | 2022-01-11 13:14:40 | /container/run/startup/slapd failed with status 1
*** DEBUG | 2022-01-11 13:14:40 | Run commands before finish...
*** INFO | 2022-01-11 13:14:40 | Killing all processes...
After testing, the error comes from dpkg-reconfigure -f noninteractive slapd
root@openldap-stack-ha-0:/container/service/slapd# dpkg-reconfigure -f noninteractive slapd
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.57+dfsg-1~bpo10+1... done.
chown: changing ownership of '/var/lib/ldap': Operation not permitted
Did anyone find a solution for this? Running into the same issue
Update: I ended up moving from an NFS PV to local-storage as I'm running a single node at home. Not ideal, but works for my use-case.
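A preflight check for the failure shown in these logs, added here as an example and not part of the thread or of the docker-openldap project: it probes, on a throwaway file, whether the host directory behind /var/lib/ldap accepts a chown to the uid/gid the startup log reports (911:911). The function names are hypothetical and GNU coreutils `stat` and `mktemp` are assumed.

```shell
#!/bin/sh
# Added example (not project code). Run as the user the container's startup
# scripts run as, against the host directory that will be bind-mounted.

# Filesystem type of the mount holding $1 (e.g. nfs, ext2/ext3, overlayfs).
fs_type() { stat -f -c '%T' "$1"; }

# Numeric owner of $1 as "uid:gid".
owner_of() { stat -c '%u:%g' "$1"; }

# Attempt the same kind of call that fails in the logs, on a probe file so
# real data is never touched. 0 = chown to $2:$3 permitted, 1 = refused,
# 2 = probe file could not be created.
can_chown() {
    probe=$(mktemp "$1/.chown-probe.XXXXXX" 2>/dev/null) || return 2
    chown "$2:$3" "$probe" 2>/dev/null
    rc=$?
    rm -f "$probe"
    [ "$rc" -eq 0 ]
}

# Print one verdict line for directory $1 and wanted owner $2:$3.
# Returns 0 = ok, 1 = chown refused, 2 = directory missing or not writable.
preflight() {
    dir=$1 uid=$2 gid=$3
    [ -d "$dir" ] && [ -w "$dir" ] || { echo "UNUSABLE $dir"; return 2; }
    fs=$(fs_type "$dir")
    own=$(owner_of "$dir")
    if can_chown "$dir" "$uid" "$gid"; then
        echo "OK $dir fs=$fs owner=$own"
    else
        echo "CHOWN_REFUSED $dir fs=$fs owner=$own want=$uid:$gid"
        return 1
    fi
}

# Usage (paths from the compose file above, uid/gid from the startup log):
#   preflight /apps/data/openldap/db 911 911
#   preflight /apps/data/openldap/config 911 911
```

A CHOWN_REFUSED verdict with an NFS filesystem type means the ownership change is being rejected at the mount, before any container setting such as DISABLE_CHOWN comes into play.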